Multifactor Authentication at TACC

TACC now requires Multi-Factor Authentication (MFA) as an additional security measure when accessing the compute and storage resources. To set up MFA pairing at TACC, proceed directly to the TACC pairing page.

If you are trying to set up MFA on a new account, you will not be able to generate a QR Code until after your account request is accepted by TACC Staff. Account requests are usually approved within 24 hours.

Authentication is the process of determining if you are you. Traditional methods of associating a user account with a single password have not been 100% successful. Multi-Factor Authentication (MFA) requires another step, or "factor", in the authenticaton process. In addition to the usual password users must complete authentication using another device unique to them, usually the user's mobile phone/device. TACC offers another device, the TACC Hard Token, as another authentication factor.

To pair a new device, sign in to the TACC User Portal and click on the "Manage Profile" link in the right corner. Users who've not set up MFA before will see a message similar to Figure 1. Figure 1. Profile with no MFA enabled

Click "Pair a Device" to get to the TACC device pairing page. Here you'll be presented with three different pairing methods. Users may authenticate with one and only one method. It's easy to pair and unpair using either of the first two methods.

2. Press the "Use the TACC Token App to pair" button on the portal (Figure 2. above). A personalized QR code will be generated on your computer screen as in Figure 4. below. Figure 4. Scan the generated QR code on your screen

3. Open the TACC Token App on your device. Your smartphone screen should appear similar to Figure 5a. Tap the "+" in the lower right corner of the app to start the pairing process. The app will launch the smartphone's camera. Scan the generated QR code on your computer screen. Do not scan the image on this tutorial's page.

TACC users who do not (or do) have smartphone devices may set up multi-factor authentication using standard SMS messaging.

When logging into a TACC resource you'll be prompted for your standard password, and then prompted for a "TACC Token Code". At this point a text message will be sent to your phone with a unique six-digit code. Enter this code at the prompt.

This token code is valid for this login session only and cannot be re-used. Please note that it may take up to 60 seconds for the text to reach you. We advise you to clear out your text messages in order to avoid confusion during future logins.

Users have the third choice of pairing using the TACC Hard Token, a fob-sized device that generates random numbers. The TACC Hard Tokens are available for purchase for $25 at the UT store. Users who do not have a UT EID may "checkout as guest". TACC will cover cost of shipping the token to the user's specified address.

Figure 7. TACC Hard Token (front and back)

Once you've received the TACC Hard Token, enter the token's serial number (on the back of the fob) on the portal pairing page, followed by clicking "next", and then entering the current 6-digit rolling token code shown on your screen.

Users located outside the U.S. must pair using either the TACC Token App or TACC Hard Token methods. Because the cost associated with sending multiple international text messages is prohibitive, international users may NOT set up multi-factor authentication with SMS.

Travelers who may experience intermittent wifi or internet access should also pair using either the TACC Token App or TACC Hard Token methods.

After typing in your password, you'll be prompted for "TACC Token Code:". At this point, turn to your device/phone.

If you've paired with SMS, you'll receive a text message containing a six digit verification code (figure 9a). Enter this code at the TACC Token Code: prompt. Please note that it may take up to 60 seconds for the text containing the token code to reach you. Each token code is valid for one login only and cannot be re-used.

If you've paired with the TACC Token App, open the app and the enter the six-digit number currently being displayed. If you mis-type the number, just wait till the app cycles (every 30-60 seconds) and try again with the next number (figure 9b).

Users who have paired using either of the first two methods, TACC Token App or SMS, may unpair using an automated process. Users who have paired with the TACC Hard Token cannot unpair without staff help. These users must submit a support ticket to unpair with the hard token.

Otherwise, to unpair your device, sign into the TACC User Portal and click on "Manage Profile". Depending upon the method of pairing you'll see a message similar to Figure 9. Click on the red subtract symbol to begin the unpairing process.

Figure 9. Profile configured with SMS pairing

On the next screen (Figure 10.) you'll be asked to to confirm the unpairing. Similar to the pairing process, you must verify unpairing by entering the token code when prompted. If you've lost access to the device you originally paired with, you may unpair using email notification.